Securely expose & consume k8s services with Kuadrant

Learn More Install

Kuadrant bundles Limitador, the rate limiting service, and Authorino, our lightweight authorization agent. The Kuadrant Operator, available from Operator Hub, will take care of all the wiring and deployments of the services required for applying Rate Limits and Authorization Policies to your infrastructure.

Once installed, Policy Custom Resource Definitions let cluster operators apply a cluster-wide Rate Limit policy to protect the infrastructure from DDoS attacks; while application developers can use advanced features to control usages of their API endpoints with tailor-made authentication and authorization rules and protocols. Kuadrant supports a wide range of use cases, from simple Rate Limiting to ones that span across authorization and identity-based Rate Limits. Kuadrant leverages the Kubernetes Gateway API


Limitador is a generic rate-limiter written in Rust. It can be used as a library, or as a service. The service exposes HTTP endpoints to apply and observe limits. Limitador can be used with Envoy because it also exposes a grpc service, on a different port, that implements the Envoy Rate Limit protocol (v3).

Read more …


A lightweight Envoy external authorization server fully manageable via Kubernetes Custom Resources. JWT authentication, API key, mTLS, pattern-matching authz, OPA, K8s SA tokens, K8s RBAC, external metadata fetching, and more, with minimum to no coding at all, no rebuilding of your applications.

Read more …

New stuff!

Stay tuned for more.